docker 容器无法创建 socket： Permission denied

起因是使用 docker 运行 jenkins，始终启动不起来，运行命令：

docker run --name jenkins -p 8180:8080 jenkins/jenkins

错误信息：

java.lang.Throwable: reason
	at hudson.WebAppMain.contextDestroyed(WebAppMain.java:388)
	at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:940)
	at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:565)
	at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:908)
	at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:367)
	at org.eclipse.jetty.webapp.WebAppContext.stopWebapp(WebAppContext.java:1450)
	at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1415)
	at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:983)
	at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:284)
	at org.eclipse.jetty.webapp.WebAppContext.doStop(WebAppContext.java:547)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:93)
	at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:180)
	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:201)
	at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:108)
	at org.eclipse.jetty.server.Server.doStop(Server.java:454)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:93)
	at winstone.Launcher.shutdown(Launcher.java:304)
	at winstone.Launcher.<init>(Launcher.java:195)
	at winstone.Launcher.main(Launcher.java:355)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at Main._main(Main.java:375)
	at Main.main(Main.java:151)
2020-04-14 10:13:10.097+0000 [id=1]	INFO	o.e.j.s.handler.ContextHandler#doStop: Stopped w.@1095f122{Jenkins v2.230,/,null,UNAVAILABLE}{/var/jenkins_home/war}
Exception in thread "Jenkins initialization thread" 2020-04-14 10:13:10.098+0000 [id=1]	INFO	winstone.Logger#logInternal: Jetty shutdown successfully
java.lang.NoClassDefFoundError: hudson/util/HudsonFailedToLoad
	at hudson.WebAppMain$3.run(WebAppMain.java:247)
Caused by: java.lang.ClassNotFoundException: hudson.util.HudsonFailedToLoad
	at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:419)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:352)
	at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:352)
	... 1 more
java.io.IOException: Failed to start Jetty
	at winstone.Launcher.<init>(Launcher.java:184)
	at winstone.Launcher.main(Launcher.java:355)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at Main._main(Main.java:375)
	at Main.main(Main.java:151)
Caused by: java.net.SocketException: Permission denied
	at sun.nio.ch.Net.socket0(Native Method)
	at sun.nio.ch.Net.serverSocket(Net.java:415)
	at sun.nio.ch.ServerSocketChannelImpl.<init>(ServerSocketChannelImpl.java:85)
	at sun.nio.ch.SelectorProviderImpl.openServerSocketChannel(SelectorProviderImpl.java:56)
	at java.nio.channels.ServerSocketChannel.open(ServerSocketChannel.java:108)
	at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:336)
	at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307)
	at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
	at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
	at org.eclipse.jetty.server.Server.doStart(Server.java:385)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
	at winstone.Launcher.<init>(Launcher.java:182)
	... 7 more
2020-04-14 10:13:10.099+0000 [id=1]	SEVERE	winstone.Logger#logInternal: Container startup failed
java.net.SocketException: Permission denied
	at sun.nio.ch.Net.socket0(Native Method)
	at sun.nio.ch.Net.serverSocket(Net.java:415)
	at sun.nio.ch.ServerSocketChannelImpl.<init>(ServerSocketChannelImpl.java:85)
	at sun.nio.ch.SelectorProviderImpl.openServerSocketChannel(SelectorProviderImpl.java:56)
	at java.nio.channels.ServerSocketChannel.open(ServerSocketChannel.java:108)
	at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:336)
	at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307)
	at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
	at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
	at org.eclipse.jetty.server.Server.doStart(Server.java:385)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
	at winstone.Launcher.<init>(Launcher.java:182)
Caused: java.io.IOException: Failed to start Jetty
	at winstone.Launcher.<init>(Launcher.java:184)
	at winstone.Launcher.main(Launcher.java:355)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at Main._main(Main.java:375)
	at Main.main(Main.java:151)

之后更换了几个 jenkins 镜像，发现似乎并不是 jenkins 镜像的问题。 于是尝试运行 mysql 镜像：

docker run -p 3307:3306 -e MYSQL_RANDOM_ROOT_PASSWORD=123456 --name mysql mysql

日志信息：

2020-04-14 10:06:16+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.19-1debian10 started.
2020-04-14 10:06:16+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2020-04-14 10:06:16+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.19-1debian10 started.
2020-04-14 10:06:16+00:00 [Note] [Entrypoint]: Initializing database files
2020-04-14T10:06:16.760050Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-04-14T10:06:16.760113Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.19) initializing of server in progress as process 43
2020-04-14T10:06:40.030275Z 5 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2020-04-14 10:07:06+00:00 [Note] [Entrypoint]: Database files initialized
2020-04-14 10:07:06+00:00 [Note] [Entrypoint]: Starting temporary server
2020-04-14T10:07:06.757900Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-04-14T10:07:06.757988Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 93
2020-04-14T10:07:09.103182Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-04-14T10:07:09.151379Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2020-04-14T10:07:09.168210Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server - GPL.
2020-04-14 10:07:09+00:00 [Note] [Entrypoint]: Temporary server started.
2020-04-14T10:07:09.381709Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
2020-04-14 10:07:13+00:00 [Note] [Entrypoint]: GENERATED ROOT PASSWORD: Eifai1coadoh5IeKee6Ziequoh6no2oo

2020-04-14 10:07:13+00:00 [Note] [Entrypoint]: Stopping temporary server
2020-04-14T10:07:13.889165Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.19).
2020-04-14T10:07:16.234409Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.19)  MySQL Community Server - GPL.
2020-04-14 10:07:16+00:00 [Note] [Entrypoint]: Temporary server stopped

2020-04-14 10:07:16+00:00 [Note] [Entrypoint]: MySQL init process done. Ready for start up.

2020-04-14T10:07:17.138424Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-04-14T10:07:17.138513Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 1
2020-04-14T10:07:19.222285Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-04-14T10:07:19.223207Z 0 [ERROR] [MY-010250] [Server] Failed to create a socket for IPv4 '0.0.0.0': errno: 13.
2020-04-14T10:07:19.223318Z 0 [ERROR] [MY-010255] [Server] Can't create IP socket: Permission denied
2020-04-14T10:07:19.223587Z 0 [ERROR] [MY-010119] [Server] Aborting
2020-04-14T10:07:20.361212Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.19)  MySQL Community Server - GPL.

也是一样因为没有权限无法创建 socket 而退出，目前尝试过的方式是容器内外的用户均切换到 root 用户运行，以及对/var/run/docker.sock文件进行权限修改、删除重新生成等，Google 未找到一样的情况，大多是单独运行 mysql 或者单独运行 jenkins 时出现这种错误的处理，单独运行 jenkins 我是没问题的，无奈只能来求助了。